| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
add test which is previously uncovered case.
(cherry picked from commit 1281c928a78181eb54d4c371d4c8ad5be20904a7)
|
| |
|
|
|
|
| |
add test which is previously uncovered case.
(backported from commit 25022624fd7c178c76f75afe25e1ad07f4628370)
|
| |
|
|
|
|
|
|
|
|
| |
%undefine output is not what this test is about, it's what happens
afterwards. Commit aec8bdb53a3013eabf16368e17a65ab69c2136ee changed
what happens in this very context, but then %undefine is not intended to
used this way and its output is not what is being tested here, macro
scope behavior is.
(cherry picked from commit e73c9827a5ad492e6f86d387fa17b1011a09057a)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Glibc provides low-cost memory sanity checking on it's own, it'd be
foolish not to take advantage of this in the test-suite for our CI.
As this introduces a level of randomness to the system, record the
environment in a file (in particular, glibc.malloc.perturb value) to
make possible failures reproducable.
This is effective for glibc >= 2.34 only, in older versions the
mechanism to enable differs.
Based on initial patch by Elia Pinto.
(cherry picked from commit 52dc80022ec8c01ab77ecdc5a79a323289ae48ae)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The `rpmkeys type confusion` test was added in ec13083f46a1e to check
that the internal OpenPGP parser rejects a certificate with an invalid
component. The Sequoia backend happily accepts the certificate and
ignores the invalid component, which causes the test to fail. Mark
the test as specific to the internal OpenPGP backend.
Fixes #2272.
(cherry picked from commit db1c9da7fe507b7eb0424bf9c76b6cf37094ed36)
|
| |
|
|
|
|
|
|
|
| |
Decisions about number of CPUs to use need to be determinable at the
exact time of build, the moment of parsing has little to do with it.
Have %_smp_mflags take its value from the environment which we do
control at the time of build, rather than the spec parse moment.
(cherry picked from commit 0576d24756fe975d890f5535a21cfdfd35fc2ca4)
|
| |
|
|
|
|
|
|
|
|
|
| |
%_smp_mflags and the related macros that it grew around itself used to
be platform specific as they relied on external tooling (eg getconf for
getting processor count), but since rpm 4.15 this has been backed by the
built-in %{getncpus} macro which is available on all platforms, so
there's zero reason to duplicate this stuff on all platform files.
Fixes: #2265
(cherry picked from commit 5049fc701561b258b722b3400460d8828ce9e64e)
|
| |
|
|
|
|
|
|
|
|
| |
The build and source directories are plain old directories, never any
sort of URLs. Drop the misleading and obfuscating u2p macro uses from
the build environment setting.
As of this commit, u2p is unused within rpm.
(cherry picked from commit 3d56ca240a8396537dff9bb3005d1351d16d5224)
|
| |
|
|
|
|
|
| |
On Debian and derivates, /bin/sh points to /bin/dash which among other
things doesn't support brace expansion.
(cherry picked from commit cdecb62ad4263654dc24ea1739a7d2471d29e528)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
RPM’s simple public key parser cannot handle multiple public keys in the
same input stream. While this could be fixed, it would require
substantial refactoring in code that will eventually be replaced. This
is because the pgpDigParams struct can only hold a single public key.
Currently, a second public key packet does not update the
algorithm-specific data for the public key. However, it *will* update
the public key algorithm, if no signature packet has appeared in the
meantime. This prevents the security check in the previous commits from
working and leads to a type confusion bug.
Fix this bug by returning an error if a second PGPTAG_PUBLIC_KEY packet
is found in the input stream. This *does not* affect `rpmkeys --import`
because it explicitly checks for multiple PGPTAG_PUBLIC_KEY packets and
imports them separately. It *does* affect the rpmPubkeyRead() and
rpmPubkeyNew() functions; these will need to be fixed if this limitation
is a problem for them.
(cherry picked from commit c94051f99a6d134e719be9af1c8934d818594c74)
|
| |
|
|
|
|
|
|
|
|
| |
pgpVerifySignature() should check that the provided signature is in fact
a signature, and that provided key is in fact a public key. Otherwise,
a type confusion bug could result if something that is not a signature
or public key is passed. RPM itself never calls pgpVerifySignature()
without having checked the types so all calls in RPM are safe.
(cherry picked from commit 201cd279ec4ea743123d067cf31b04d76f86829e)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In RPM, both signatures and public keys are stored as heap-allocated
opaque structs. The type of the struct is determined by whether this is
a signature or a key and by the public-key algorithm in the associated
pgpDigParams_s struct. However, when verifying a signature, RPM did not
check that the signature and public key used the same public-key
algorithm. If they did not, the signature verification code will
interpret a pointer to the struct specified by the public key’s
public-key algorithm as a pointer to the struct specified by the
signature’s public-key algorithm. This is not a problem when verifying
package signatures, as findbySig() (in rpmio/rpmkeyring.c) checks that
the public-key algorithms used by the signature and the public key
match. If they do not, it returns NULL, causing both rpmKeyringLookup()
and rpmKeyringVerifySig() to return RPMRC_NOKEY. However, the code that
checks subkey binding signatures does *not* check this, so the type
confusion can be triggered when importing a crafted key. This is
demonstrated by the included test case, which segfaults when OpenSSL is
used as the underlying cryptographic library. Fix the problem by
checking that the algorithms match in pgpVerifySignature().
(backported from commit ec13083f46a1efe8700925538b4f98dc45af93bc)
|
| |
|
|
| |
(cherry picked from commit 752ed08d1026aeb4aa1716f32064453005e12d5e)
|
| |
|
|
| |
(cherry picked from commit 43155029ccf530a5cd184a53c68ddcb46ce7983b)
|
| |
|
|
| |
(cherry picked from commit 14e14a5c2a5140b00816ac7b8f104af810ab5208)
|
| |
|
|
|
|
|
|
|
|
| |
Adding a comment to a spec can't affect the test-suite, right? Well,
wrong.
Certainly did not remember we have a --parse test on this particular
spec. Doh.
(cherry picked from commit bf1771b06009a34fecc4e764601757cbb4ee97a4)
|
| |
|
|
|
|
|
|
|
|
| |
For most tests, it's the worst possible example because it's arch
dependent and requires complicated external tools to build. Both of
which are wholly unnecessary complications you don't want to deal with,
unless your test-case actually requires running a compiler from rpmbuild
and inspecting its output.
(cherry picked from commit 190354cb19af6ecdfec6f7eaa454d6afcf381128)
|
| |
|
|
|
|
| |
Just refer to the newly added mode string API docs.
(cherry picked from commit bf6a97da0b035ce1d341f01b6301407dcad5a5af)
|
| |
|
|
| |
(cherry picked from commit 919c835610c05e5a69d0813d28a3f3a6b7eddcd8)
|
| |
|
|
|
|
|
|
|
|
|
| |
A missing epoch is returned as NULL from rpmteE(), but the rpmdb
matching code can't handle NULL in any meaningful way currently.
Arguably it should, but that's a bigger topic...
Specifically convert a missing epoch to a "0" which matches the behavior
in mireSkip() to handle, adjust testcases as appropriate.
(cherry picked from commit 89676fad73d0808588dca620344efa4d6b3889b4)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport notes:
Replace "~/.rpmmacros" with a non-tilde default path due to a bug in the
bundled glob(3) implementation which doesn't yield any matches for a "~"
pattern in a fakechroot environment where FAKECHROOT_BASE and HOME both
point at the same directory (thus preventing RPM from picking up the
%_query_all_fmt macro in the tests). This is not an issue on master
since it carries commit 66fa46c006bae0f28d93238b8f7f1c923645eee5 but
that's not appropriate for a stable branch.
(backported from commit 7788763e09b7beed75345e11c223735ad4829fdb)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libselinux logs to stderr by default, which up to now has been just fine
with us. However somewhere around libselinux 3.2 it begun issuing
log messages for events discovered in selinux_status_updated().
We only call that to see whether the status *was* updated behind our
back and are not interested in these audit-style messages for our
functionality, but to suppress them while preserving actually relevant
errors and warnings, we need to have a log callback of our own. Might as
well forward them to rpmlog then.
SELINUX_ERROR and SELINUX_WARNING are pretty obvious, of SELINUX_AVC
selinux_set_callback(3) says it should be treated as SELINUX_ERROR if
not audited. The rest we suppress to debug messages, they may be handy
for diagnostics some day.
Note that this intentionally avoids explicit SELINUX_POLICYLOAD and
SELINUX_SETENFORCE cases in the switch: we don't want to introduce
libselinux >= 3.2 dependency just because of this silly thing.
(cherry picked from commit 96888e99c5103d9dea5230c917b946732de2d302)
|
| |
|
|
|
|
|
|
|
|
| |
Pandoc is only required for converting .md to man pages, which is not
terribly interesting unless you're creating a dist tarball. We already
have an automake conditional for pandoc, might as well use it.
"make dist" will still fail without pandoc, but that's exactly how we
want it.
(cherry picked from commit 1b8f7a182fe917ed5af5086d715cae529540a4d3)
|
| |
|
|
| |
(cherry picked from commit 9f59af51b5969ab38f64bb7dcf881f45b8a41e7f)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- switch to read only and non blocking mode for pipe
- add 1 minute loop to wait for pipe to reappear
Sometimes during the system update/upgrade fapolicyd
get restarted e.g. when systemd gets updated.
That can lead to the situation where fapolicyd pipe
has been removed and created again.
In such cases rpm-plugin-fapolicyd gets stuck on
write() to the pipe which does not exist anymore.
After switching to non blocking file descriptor
we can try to reopen the pipe if there is an error
from write(). Assuming that a new pipe should appear
when fapolicyd daemon starts again.
If not then after 1 minute of waiting we expect
fapolicyd daemon to be not active and we let the
transaction continue.
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
(cherry picked from commit 534fd1f0c84b12ba6080a46e07c57ef913c77cba)
|
| |
|
|
|
|
|
|
|
| |
Commit d703160334ff545ce8bf7475da5689422f43dacc introduced a new step
to key import which can fail before keyring is initialized.
Always initialize your variables, never need "fixes" like this.
(cherry picked from commit a3d11f7a53811e42cbe36a91a1583a723c2fe108)
|
| |
|
|
| |
(cherry picked from commit 803da2eb97c4b5147f77a7cb0e03ef6d8a7e821a)
|
| |
|
|
| |
(cherry picked from commit cc3233790feaf0bb22e2057a5d798e5425f69978)
|
| |
|
|
|
| |
@PACKAGE_URL@ is not defined so the field would end up empty, so just
hardcode the URL here.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To compensate for the loss of egg-info from the python distutils build,
create one ourselves.
This is effectively a backport of e31fb5b75898bfa09180dba02475c6d01764d94f
which dismissed the need for an automake version, but unfortunately Python
3.12 and automake-based rpm versions do co-exist in the same time-space
continuum and we'll have to deal with this in rpm 4.18 as well.
As to why not just use distutils from python-setuptools: that variant
turns the egg-info into a directory, which in rpm is a one-way street.
And we don't need that multi megabyte Python library to fill in these
couple of values, really.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It appears that some container deity somewhere has fixed the Docker
issue [1] that prevented us from upgrading beyond F34, but there was
another gotcha introduced in the meanwhile on Fedora side:
glibc-gconv-extras is now needed for our UTF-8 encoding check to work.
While at it, optimize the dnf side a bit: get rid of modularity repos
entirely so they don't come back via updates, and disable the H.264
repo too, we don't need *that* for building or testing rpm...
[1] https://github.com/moby/moby/pull/42681
(cherry picked from commit 6761c39063c88a79124e22e7484f9c70cefa3811)
|
| |
|
|
|
|
| |
Avoid unecessary clutter in the test failure reports...
(cherry picked from commit 56d469e0c0c254ab5d26e160ab0a869d068b3e76)
|
| |
|
|
| |
(cherry picked from commit 7c170513f534ce3e23a9d73d3225eebab1e59fb8)
|
| |
|
|
|
|
|
| |
This would leak the path whenever we already had the directory open.
Which happens a lot. Oops.
(cherry picked from commit f78be76a00878183da86d5e37ddbe421c5fe028c)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Packages need to be able to differentiate between install and upgrade
scenarios, seems commit ab069ec876639d46d12dd76dad54fd8fb762e43d with
half the lights out...
As %posttrans happens after all the excitement, with the erasure elements
already executed, so the installed package count cannot be used to
differentiate between install and upgrade. So we need to find it out the
hard way: see if there's an erasure element that depends on this
package.
(cherry picked from commit 3848c97cb227e7c018781aa7d5e1e46990ce1ffb)
|
| |
|
|
|
|
|
|
|
|
| |
For the very unlikely case when openat() succeeded but fstatat()
doesn't, the directory descriptor may be leaved opened. Rearrange
the code a bit to ensure it'll always get closed when appropriate.
Suggested-by: Pavel Kopylov <pkopylov@cloudlinux.com>
Suggested-by: Dmitry Antipov <dantipov@cloudlinux.com>
(cherry picked from commit af08077fb4c60dee516948ce7bf9bed91de62119)
|
| |
|
|
|
|
| |
Should've been in commit 2bc745f2fde028e09f663c7967353e8b6aacdbf1
(cherry picked from commit 2c63113c8e9a1991386605c36dc1fdfea390b575)
|
| |
|
|
|
|
| |
Also add a unit test to exercise pgpPubkeyFingerprint.
Backported from commit 2bc745f2fde028e09f663c7967353e8b6aacdbf1
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 4bbeec134aab33e24f960be28a7b2198359c1f67 "fixed" an old
terminology confusion about keyid vs fingerprint, but in the process
broke pgpPubkeyFingerprint() for any external callers, as it now only
feeds on decoded packets whereas before it did the decoding by itself.
Add the decoding step back to the public function to make it usable outside
rpmpgp_internal.c again, retrieving a fingerprint seems like an useful
(public) API to have.
This is kind of a regression fix in that prior to commit
4bbeec134aab33e24f960be28a7b2198359c1f67 pgpPubkeyFingerprint() returned
meaningful data to the outside caller and afterwards it didn't, however
that commit broke the API anyhow so it's kinda complicated.
Maybe we should just call it a bugfix and be done with it.
Related to #1549
(cherry picked from commit dc9e8169790eba18130fb96c13f56ecba6c9b346)
|
| |
|
|
|
|
|
| |
The newly handled ^ needs to be accounted for when allocating memory.
Found when testing #1936, goes to show what a useful thing that is.
(cherry picked from commit 19d73f67883c011cc74326a5dc34f7009efa60e1)
|
| | |
|
| |
|
|
| |
(cherry picked from commit 0f0fa49170a62b8e6a3383acff4b6f292b79a57c)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://github.com/rpm-software-management/rpm/commit/1cdb72ae48b7ba689c5c79118f4f0c1b4ffe6b7c
introduced a change where triplets that rpm doesn't know about
are rejected, which in turn causes a regression for users like
Yocto that explicitly use them.
In particular, x32 is a 64 bit x86 ABI with 32 bit pointers and
is supported via settings in custom /etc/rpmrc:
arch_compat: qemux86_64: all any noarch x86_64_x32 qemux86_64
(cherry picked from commit 73847f81794f5ec442ef56dc417aa069c23738a9)
|
| |
|
|
| |
(cherry picked from commit cf3150509ed7eb2407bdf1f5572cd613a30c2b86)
|
| |
|
|
|
|
| |
Should've been in bbfe1f86b2e4b5c0bd499d9f3dd9de9c9c20fff2
(cherry picked from commit 21c34bdd61c14f8044fcc5c0be90b1ec55eef2df)
|
| |
|
|
|
|
|
|
|
|
|
| |
The key to understanding `%bcond_with` and `%bcond_without` is that these
options *create command line switches* and unless the user thinks in those
exact terms, there's little hope of understanding them. Further, take
care to differentiate between option creation, enablement and defaults
in terminology and document `%bcond` version availability.
Fixes: #2150
(cherry picked from commit 8ee98091b7f50cfeab61e069c1cad0c74fa567a8)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the repo is already initialized when calling this macro and it's
using a different branch name than "master" (see #2121) or the global
git option init.defaultBranch is set differently (see #2120), the macro
will fail at:
%{__git} branch --set-upstream-to=master
Instead of being overly clever, just track the original (start-point)
branch by using --track when branching (see git-branch(1) for details).
For brevity, combine this and branch creation into a single checkout
command.
This fixes commit 3a6b1d8fbf846d3f1b139d343fdfddebe99ae42b.
Thanks Panu for the clarification and suggestion in #854!
(cherry picked from commit 1f5ae2a6dd710de4a278087471bf0909ff9f6739)
|
| |
|
|
|
|
|
| |
As we look at the first 4 bytes anyway there is no reason to read more.
Reading more also hits a bug in bash on aarch64 (rhbz#2115206).
(cherry picked from commit 8f922eb38a096640e586ba0eda96adc093b74fc4)
|
| |
|
|
|
|
|
| |
Add testcase with special characters
Resolves: #1445
(cherry picked from commit 951f25bc8419e79593ae4fdfa3ee062dc58c60b2)
|
